Threat actor · all actors
Sea TurtleG1041 unknown
aka Sea Turtle, Teal Kurma, Marbled Dust, Cosmic Wolf, SILICON
Last updated: 2026-07-03
About this actor
[Sea Turtle](https://attack.mitre.org/groups/G1041) is a Türkiye-linked threat actor active since at least 2017 performing espionage and service provider compromise operations against victims in Asia, Europe, and North America. [Sea Turtle](https://attack.mitre.org/groups/G1041) is notable for targeting registrars managing ccTLDs and complex DNS-based intrusions where the threat actor compromised DNS providers to hijack DNS resolution for ultimate victims, enabling [Sea Turtle](https://attack.mitre.org/groups/G1041) to spoof log in portals and other applications for credential collection.(Citation: Talos Sea Turtle 2019)(Citation: Talos Sea Turtle 2019_2)(Citation: PWC Sea Turtle 2023)(Citation: Hunt Sea Turtle 2024)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-4 | 22 / 40 | 55% |
CM-6 | 19 / 40 | 48% |
CM-2 | 17 / 40 | 42% |
AC-3 | 15 / 40 | 38% |
AC-6 | 13 / 40 | 32% |
SI-3 | 13 / 40 | 32% |
SI-7 | 13 / 40 | 32% |
CA-7 | 12 / 40 | 30% |
CM-7 | 12 / 40 | 30% |
RA-5 | 12 / 40 | 30% |
SC-7 | 12 / 40 | 30% |
AC-4 | 11 / 40 | 28% |
AC-2 | 10 / 40 | 25% |
AC-5 | 9 / 40 | 22% |
IA-2 | 9 / 40 | 22% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Night Dragon 0.28
- Dragonfly 0.21
- Threat Group-3390 0.21
- HAFNIUM 0.20
- C0021 0.20